Hi, Daniel! On Apr 18, Daniel Black wrote:
1. What user logrotate is normally run as? root
So, unix_socket plugin is an option. In fact, as I realize now (all to late), it's always an option, even if logrotate would be using a special "logrotate" user, we could've still created "logrotate" user in MariaDB and grant it RELOAD privilege. But "root" makes it easier, of course.
2. Does logrotate really need to connect to mysqld do issue "FLUSH"? Why not send SIGHUP instead? This needs no user and no password.
I hadn't considered that:
https://github.com/MariaDB/server/blob/10.1/sql/mysqld.cc#L3440..L3466
Looks a little too invasive hitting binary logs, relay logs, host, grant, threads.
Yes, but once a week? I'm not a DBA, I don't know if that's acceptable.
However another signal like USR1 could be used for a more minimal log rotate. Acceptable?
I wanted to reuse existing server functionality, to avoid coding something new in the server for the sake of logrotate. But if SIGHUP is too heavy, than yes, USR1 could be an option. Regards, Sergei Chief Architect MariaDB and security@mariadb.org